In The Pocket
Toreon understands the development business and in terms of technical knowledge they are a lot more advanced.
The Belgian digital product studio In The Pocket was looking for the perfect partner for its ISO 27001 certification. Toreon turned out to be the perfect match. Toreon's transparent approach and its A-to-Z support throughout the certification process are what convinced In The Pocket.
In The Pocket is a digital product studio that develops digital products with the latest technology for mobile, web, cross reality, machine learning and cloud applications. The Ghent-based start-up grew into a solid company with more than 130 employees in Ghent and Leuven in just a few years' time.
In order to continue to grow, In The Pocket wanted to prove to potential customers that it is a secure company that develops secure software. That is essential for a digital player, and a requirement now that the General Data Protection Regulation (better known as GDPR) has tightened privacy rules.
Security certificates provide organisations with a framework to meet GDPR requirements. For customers, they are a label they can rely on. ISO 27001 is the international standard for information security and is therefore recognised worldwide.
Such certification is supervised by external auditors, so it is the best way to show the market that you, as an organisation, comply with all the rules of the game. It also offers a structure to maintain and, where possible, improve one’s own security.
An ISO 27001 certification is simply an extensive task. That’s why In The Pocket absolutely wanted to find the ideal partner. “Throughout that GDPR story, we decided a year and a half ago to focus on obtaining a security certificate,” says Louis De Jaeger, the security officer at In The Pocket and the project manager for ISO implementation and certification.
True security expert
“We started looking for the perfect partner because you can’t handle it alone”, Louis continues. “We ended up at Toreon and soon got the feeling that there was a good match between our two companies. Toreon is a true security expert. They understand the development business and in terms of technical knowledge they are a lot more advanced than their competitors. They strive not only to implement the standard but also to effectively raise the level of security”.
As part of the ISO 27001 certification, Toreon had to implement an information security management system at In The Pocket. Toreon’s assignment was to manage this rollout from beginning to end.
“What’s unique about Toreon,” says Louis, “is that they’ve coached us throughout the process so we can maintain our ISMS ourselves.” In addition, Toreon documents the policies and procedures in detail and rolls out control measures so that In The Pocket can adequately secure information. The coaching therefore goes beyond the implementation of a management system.
“In the meantime, Toreon is our full partner when it comes to development. They think along openly and feel good about our company culture. They are now doing a number of other projects for us.”
Louis De Jaeger – Security & Privacy Officer – In The Pocket
Transparent and flexible
Louis is the single point of contact for Toreon. But under Toreon’s wing he turned out to be a real security officer. “The contact between our two companies went very smoothly,” he says. “Toreon is extremely transparent and flexible before, during and after the implementation of ISO 27001 certification.”
An ISO 27001 certification always starts from a status report. “Where are we right now?”, Louis explains. “We’ve checked all aspects with Toreon to move on to a risk analysis. Then we started the actual process.”
“Siebe De Roovere from Toreon also visited the office almost every week to supervise the implementation. Especially during the first phases, to go over what had been realized. And then to make adjustments for the next audits”.
Information security is a requirement in itself, but an ISO 27001 certificate is more than ever a prerequisite for companies to remain competitive in their business. And with this certificate, In The Pocket can attract customers with high compliance requirements.
“Absolutely”, Louis confirms. “An ISMS results in better service. And a secure development environment is reflected in a better product anyway. So, yes, ISO 27001 certainly gives us benefits in the procurement phase.”
Thinking along, even after the job
In The Pocket obtained its ISO 27001 certification. But once that certificate is obtained, internal audits take place every year, in preparation for the tri-annual external audit.
In The Pocket also relies on Toreon for these internal audits. “Thanks to Toreon, we are perfectly prepared for the external audits. For example, we held a threat modeling workshop,” adds Louis.
For In The Pocket, technology is important, but the company also had to bring about a behavioral change among its employees. “That’s why the procedures we developed with Toreon are essential,” concludes Louis. “They make people more aware of the dangers of unsecured systems. Some adjustments have also been made in the area of HR. So, it goes a little wider than pure development.”